TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Advanced Procedures<br />
9.5 Configuring LDAPS<br />
In an LDAP environment, where the <strong>Spotfire</strong> system authenticates users with an<br />
LDAP directory, it might be a good idea to secure the LDAP protocol using SSL, if the<br />
LDAP directory supports this.<br />
To achieve this, you must first set up the LDAP directory to communicate using SSL.<br />
Refer to your LDAP server manual for instructions on this.<br />
Then you must get the <strong>Spotfire</strong> <strong>Server</strong>(s) to trust this certificate. This is done by<br />
following steps:<br />
1 Export the certificate to file and copy it to the <strong>Spotfire</strong> <strong>Server</strong>(s) and the configuration<br />
console machine(s).<br />
2 With a command prompt or shell, navigate to the directory /jdk/jre/lib/security and execute the keytool command located in the<br />
/jdk/bin/ directory to import the certificate:<br />
../../bin/keytool -import -file ldapserver.crt -keystore cacerts -alias spotfire_ldaps<br />
Replace ldapserver.crt with the name of the exported certificate.<br />
When prompted, enter the password to the cacerts keystore. The default password is<br />
“changeit”.<br />
3 Verify that the certificate has been successfully added by using the keytool command<br />
again:<br />
../../bin/keytool -list -keystore cacerts -alias spotfire_ldaps<br />
When prompted, enter the password to the cacerts keystore. The result of the<br />
command should be that the certificate is added.<br />
Once the server certificate is trusted by all the <strong>Spotfire</strong> <strong>Server</strong>s, log into the<br />
configuration console and set Authentication Method to LDAPS. Refer to the<br />
configuration console help for assistance.<br />
9.6 Database Authentication using Kerberos<br />
If your database engine is able to authenticate users using Kerberos, you can let the<br />
<strong>Spotfire</strong> <strong>Server</strong> authenticate with it in this way.<br />
To set this up, you need to perform a number of manual steps. While it is possible to<br />
perform these steps on a running <strong>Spotfire</strong> installation, it is recommended that you do<br />
them before defining a <strong>Spotfire</strong> cluster, and before you log into the configuration<br />
console for the first time.<br />
You also need to make sure to either be logged into the database server with the user<br />
created below when creating the <strong>Spotfire</strong> database, or ensure that you can give this<br />
user access to the <strong>Spotfire</strong> database later. Refer to your database engine manual for<br />
more details on this.<br />
<strong>TIBCO</strong> <strong>Spotfire</strong>® <strong>Server</strong> <strong>3.2.2</strong> 91 (144)